shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 18:04:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

Use constant time comparison function for HMAC comparison

Browse Source 
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 46d15b3161)
This commit is contained in:
Dirkjan Bussink
2014-04-23 17:27:10 -07:00
committed by Andreas Schneider
parent ac7c64a769
commit 8892577296
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/packet_crypt.c
View File

@@ -176,6 +176,17 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
return session->current_crypto->hmacbuf; return session->current_crypto->hmacbuf;
} }
static int secure_memcmp(const void *s1, const void *s2, size_t n)
{
int rc = 0;
const unsigned char *p1 = s1;
const unsigned char *p2 = s2;
for (; n > 0; --n) {
rc |= *p1++ ^ *p2++;
}
return (rc != 0);
}
/** /**
* @internal * @internal
* *
@@ -219,7 +230,7 @@ int ssh_packet_hmac_verify(ssh_session session,
ssh_print_hexa("Computed mac",hmacbuf,len); ssh_print_hexa("Computed mac",hmacbuf,len);
ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(uint32_t)); ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(uint32_t));
#endif #endif
if (memcmp(mac, hmacbuf, len) == 0) { if (secure_memcmp(mac, hmacbuf, len) == 0) {
return 0; return 0;
} }